config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Deserialization
RCE
Pystemon
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.6%